cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
853
Views
0
Helpful
3
Replies

AAA server assign ip address for IPsec per users

yzhang1
Level 1
Level 1

I have Cisco ACS 3.0 as AAA server, and I have Cisco 7206VXR as VPN concentrater,and VPN client is 3.X for WIN XP. I want to known How assign static ip address for per vpn client(not using ip pool)?

3 Replies 3

sachinraja
Level 9
Level 9

Hello..

configure the router to forward all the authentication requests of the client to the tacacs server. configure the user options on the tacacs server to assign static ip for the user.

On the router configure :

crypto map clientmap client authentication list userauthen

crypto map clientmap isakmp authorization list groupauthor

aaa authentication login userauthen group tacacs+

aaa authorization network groupauthor group tacacs+

ON the ACS server:

after adding the user, under the client IP address assignment , select the option assign static IP addresses and the put an ip address there.

Try this and let us know !!

but if we used is a pix not a router, there is no authorization we can configure.

How to assign a static ip to vpn client.

thanks!

Regards

Many thanks for your response!!!

Yes,I have done it, We know VPN client will get ip address from ACS serser during Xauth,But fist authen about IKE groupname & preshare key is Failure, I have set the IKE groupname & preshare in ACS server, But failure still, What's do you think about it ?